Re: How do I run sshd as a particular user?

Sat, 12 Apr 2008 02:07:20 -0700 

On Apr 12 01:11, Robert McKay wrote:
> In order to run sshd as an unprivileged user I had to use a nasty
> hexedit hack on the sshd.exe file to replace the seteuid() call (which
> fails / returns -1 without admin privileges and causes sshd to exit)
> with a call to isalpha() which has (almost) the same function
> prototype, but always returns 0 unless your userid 'is an alphanumeric
> charater' :)

Aaaaargh!

I don't know what you're doing wrong but this is *totally* unnecessary.
You can run sshd as unprivileged user without having to change the
sshd code.  You can do this while another sshd is running on
port 22 under a privileged account.  What the user has to do is to create
her own sshd_config file and own host keys.  If no other sshd is running
on the machine, just chown the host key files in /etc and switch off
privilege separation in /etc/sshd_config.

For kicks I just tried it.  What I did:

  $ uname -a
  CYGWIN_NT-6.0 vmbert2k8 1.5.25(0.156/4/2) 2008-03-06 17:01 i686 Cygwin
  $ id
  uid=1004(hein) gid=513(None) groups=513(None),545(Users)
  $ pwd
  /home/hein
  $ mkdir -p etc var/run
  $ cp /etc/sshd_config etc
  $ vi etc/sshd_config
  [Set `Port 2022']
  [Set `HostKey /home/hein/etc/ssh_host_rsa_key']
  [Set `UsePrivilegeSeparation no']
  [Set `PidFile /home/hein/var/run/sshd.pid']
  [:wq!]
  $ ssh-keygen -t rsa -f /home/hein/etc/ssh_host_rsa_key -N ''
  Generating public/private rsa key pair.
  Your identification has been saved in /home/hein/etc/ssh_host_rsa_key.
  Your public key has been saved in /home/hein/etc/ssh_host_rsa_key.pub.
  The key fingerprint is:
  02:5d:02:5d:e8:2e:c6:b9:4c:d9:93:6c:13:ef:5d:61 [EMAIL PROTECTED]
  $ /usr/sbin/sshd -f sshd_config -D

Then, from another machine:

  $ uname -a
  Linux calimero 2.6.23.17-LL #1 SMP Tue Mar 25 11:21:47 CET 2008 x86_64 x86_64 
x86_64 GNU/Linux
  $ ssh -l hein -p 2022 vmbert2k8
  [EMAIL PROTECTED]'s password: 
  Fanfare!!!
  You are successfully logged in to this server!!!

  [EMAIL PROTECTED]
  $ 


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Reply via email to